Rule History

SID: 2031197 • Source: et/open

Versions (3)

Version Details (Current)

Rev: 2 • Nov 11, 2020, 12:00 PM

ET MALWARE DNS Reply Sinkhole - Anubis/BitSight - 35.205.61.67

alert dns any any -> $HOME_NET any (msg:"ET MALWARE DNS Reply Sinkhole - Anubis/BitSight - 35.205.61.67"; content:"|00 01 00 01|"; content:"|00 04 23 cd 3d 43|"; distance:4; within:6; content:!"|0e|anubisnetworks|03|com|00|"; nocase; content:!"|05|mpsmx|03|net|00|"; nocase; content:!"|09|mailspike|03|com|00|"; nocase; content:!"|09|mailspike|03|org|00|"; nocase; threshold:type limit, track by_src, seconds 60, count 1; reference:url,travisgreen.net/2019/08/13/anubis-sinhole.html; classtype:trojan-activity; sid:2031197; rev:2; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2020_11_11, deployment Perimeter, confidence Medium, signature_severity Minor, updated_at 2022_07_13;)

Nov 11, 2020, 12:00 PM

Jul 13, 2022, 12:00 PM

Sep 21, 2024, 3:00 AM

May 30, 2025, 12:04 AM

rules/emerging-malware.rules